Forum OpenACS Q&A: Response to How much time does it takes to set up bboard from scratch
Some of the Bastille scripts (and other security hardening measures) have to do with local exploits and security holes, i.e., local users being stupid and/or malicious. You have to consider things like setuid bits on certain binaries, not giving out root passwords and restricting people to sudo, etc.
I also forgot to mention Tripwire; configure it and run the scan nightly. And don't forget those backups! Your data is the most important thing; if you don't have recent backups, well, you're screwed.